AlexFeren
New Member
January 23, 2020
Question

"Too many login failures." by administrator - how to reset lockout?

Hi Fortigurus,

If an administrator has entered the "Too many login failures. Please try again in a few minutes..." lockout state, how can I see, using a CLI command, which administrator is locked out, and what's the CLI command to unlock (before expiry)?

R's, Alex

 

    4 replies

    ShawnZA
    New Member
    January 23, 2020

    Wait for the time to expire and change the thresholds for the lockout

    AlexFeren
    Author
    New Member
    January 24, 2020
    I was hoping for something more immediate than waiting for the timeout. Does the same answer apply to SSL VPN users?
    rwpatterson
    New Member
    January 24, 2020

    If you have individual accounts, have another admin log in and look at the logs. Or maybe syslog?

    emnoc
    New Member
    January 28, 2020

     Ideally, if ADMINISTRATOR can't authenticate, lockout is indefinite. Unlocked only by another administrator.

     

    Not correct by any means. Also, when your address is locked out you can use another address and the same admin account to log in. If what you stated was correct, a hacker could conduct a denial of service attack and lock out any "admin" account.

     

    Btw, I never use the default "admin" for the system in a FortiGate.

    Ken Felix

    AlexFeren
    Author
    New Member
    January 28, 2020
    Perhaps you scrutinise every alertemail or log message - you’ll notice consistently wrong credentials indicative of brute force. I don’t/can’t, so, to have this indelibly flagged I want indefinite lockout, requiring human intervention (not just to unlock but to determine context). (Our admin trustedhost addresses include a variety of address spaces, including a static VPN address.)
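As an added example (not part of the thread and not Fortinet's code): a short Python pass over admin login events that flags accounts with repeated failures, the pattern the post above describes spotting by hand. The log lines are constructed, and the `user`, `ui`, `action` and `status` field names are assumed to follow FortiOS key=value event-log syntax.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not from the thread); field names are an assumption.
SAMPLE = '''\
date=2020-01-28 time=09:14:02 type="event" subtype="system" user="alex" ui="https(203.0.113.7)" action="login" status="failed"
date=2020-01-28 time=09:14:40 type="event" subtype="system" user="alex" ui="https(203.0.113.7)" action="login" status="failed"
date=2020-01-28 time=09:15:05 type="event" subtype="system" user="ken" ui="ssh(192.0.2.10)" action="login" status="failed"
date=2020-01-28 time=09:15:20 type="event" subtype="system" user="ken" ui="ssh(192.0.2.10)" action="login" status="success"
date=2020-01-28 time=09:16:11 type="event" subtype="system" user="alex" ui="ssh(198.51.100.20)" action="login" status="failed"
date=2020-01-28 time=09:17:30 type="event" subtype="system" user="alex" ui="ssh(198.51.100.20)" action="login" status="failed"
'''.splitlines()

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse(line):
    """Split one key=value log line into a dict, unquoting quoted values."""
    return {k: quoted or bare for k, quoted, bare in KV.findall(line)}

def failures(lines):
    """Yield (timestamp, user, source address) for each failed login event."""
    for fields in map(parse, lines):
        if fields.get("action") == "login" and fields.get("status") == "failed":
            ts = datetime.strptime(fields["date"] + " " + fields["time"], "%Y-%m-%d %H:%M:%S")
            src = re.search(r"\(([^)]*)\)", fields.get("ui", ""))
            yield ts, fields.get("user", "?"), src.group(1) if src else "unknown"

def flag_accounts(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {user: sorted sources} for accounts with >= threshold failures inside one window."""
    recent = defaultdict(deque)   # user -> (timestamp, source) pairs still inside the window
    flagged = defaultdict(set)
    for ts, user, src in sorted(failures(lines)):
        q = recent[user]          # counted per account, so failures from several addresses add up
        q.append((ts, src))
        while ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[user].update(s for _, s in q)
    return {user: sorted(srcs) for user, srcs in flagged.items()}

if __name__ == "__main__":
    for user, sources in flag_accounts(SAMPLE).items():
        print(f"review account {user!r}: repeated failures from {', '.join(sources)}")
```

Because the count is kept per account, the two addresses in the sample add up to one flagged account even though neither address alone reaches the threshold.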
    djp
    Visitor III
    January 20, 2024

    7.2.6

    diagnose user banned-ip [option]

    list      List banned IPs.
    add       Add banned IP address.
    delete    Delete banned IP address.
    clear     Clear all banned IP addresses.
    stat      stat

    mpeddalla
    Staff
    January 20, 2024

    Hello @AlexFeren,

     

    Thank you for contacting the Fortinet Forum portal.

    Please refer to the article below:

    https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-clear-disabled-admin-lockout/ta-p/219176

     

     

    Best regards,

    Manasa.

     

    If you feel the above steps helped to resolve the issue, mark the reply as solved so that other customers can find it easily while searching for similar scenarios.